How can I avoid SSH's host verification for known hosts?

181

59

I get the following prompt every time I try to connect to a server using SSH. I type "yes", but is there a way to avoid this?

The authenticity of host '111.222.333.444 (111.222.333.444)' can't be established.
RSA key fingerprint is f3:cf:58:ae:71:0b:c8:04:6f:34:a3:b2:e4:1e:0c:8b.
Are you sure you want to continue connecting (yes/no)? 

shantanuo

Posted 2010-03-29T09:43:00.423

Reputation: 2 119

9

/dev/null exists for those who think they are immune to man in the middle attacks :) – Tim Post – 2010-03-29T10:08:25.020

1

Worst part: Type y to save some time, and it complains: Please type 'yes' or 'no': (hmph)

– ADTC – 2017-11-29T18:59:13.217

Answers

254

Use the -o option,

ssh -o "StrictHostKeyChecking no" user@host

thegeek

Posted 2010-03-29T09:43:00.423

Reputation: 2 980

What use would using an alternate identity file be? I mean, if you're connecting to a compromised host, what difference does it make how you authenticate - it's not like the compromised host can steal your key too. – Dagelf – 2015-06-02T10:16:03.403

1

You may want to use an alternate identity file with the flag '-i' – MUY Belgium – 2013-04-22T10:08:14.707

108

Add the following lines to the beginning of /etc/ssh/ssh_config...

Host 192.168.0.*
   StrictHostKeyChecking no
   UserKnownHostsFile=/dev/null

Options:

  • The Host subnet can be * to allow unrestricted access to all IPs.
  • Edit /etc/ssh/ssh_config for global configuration or ~/.ssh/config for user-specific configuration.

See http://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html

JimFred

Posted 2010-03-29T09:43:00.423

Reputation: 1 201

2

Pity I can only upvote you once. Setting KnownHosts to /dev/null is genius. – J0hnG4lt – 2014-08-08T15:15:58.963

1

You're the smartest one. – Darth Egregious – 2014-09-05T20:08:18.023

33

Ha! Tell my wife. – JimFred – 2014-09-06T21:16:36.460

28

You should only get this the first time you connect to a new host. After you respond yes the host gets stored in ~/.ssh/known_hosts and you won't get prompted the next time you connect.

Note that if ~/.ssh/known_hosts can not be written for any reason (e.g. permissions problem) then you will get prompted every time you connect.

Paul R

Posted 2010-03-29T09:43:00.423

Reputation: 4 717

8

The question is: is there any way to avoid the prompt? – shantanuo – 2010-03-29T10:44:00.480

I tried adding "CheckHostIP no" to /etc/ssh/ssh_config file. But it does not seem to be working – shantanuo – 2010-03-29T10:46:26.403

2

sudo chown -R user:user .ssh ; sudo chmod -R 600 .ssh/ ; sudo chmod 700 .ssh ; ssh-keygen -R $hostname and reconnect. That should take ALL problems out and ONLY ever re-prompt if an ssh host key is mucked with | changed or you are a victim of a MITM. – linuxdev2013 – 2015-12-12T23:28:00.603

1

It says "everytime" so this answer is super appropriate – tarikakyol – 2018-01-23T14:27:15.360

11

The best way (because it does not sacrifice security) is to connect once to all computers from one client (you'll be prompted every time, always answer yes). As pointed out in the other answer, the keys will then be stored in ~/.ssh/known_hosts. Then copy this file to every client computer you might later want to connect from (possibly for each user account you use). Then all these accounts will "know" the computers, hence no prompt.

The advantage over just disabling the prompt is that SSH can actually check if there is a MITM attack.

sleske

Posted 2010-03-29T09:43:00.423

Reputation: 19 887

1

Although, if you often ssh via forward connections, you will want to add this to /etc/ssh/ssh_config:

Host 127.0.0.1
   NoHostAuthenticationForLocalhost yes

– Dagelf – 2015-06-02T10:14:39.187
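
An added example (not code from any of the posters) that models what Paul R's and sleske's answers describe: how known_hosts decides between a silent connect, the yes/no prompt and the changed-key warning, and how scanned keys can be vetted against fingerprints obtained out of band before the file is copied to other clients. Host names, keys and pins are constructed; hashed host entries are skipped and the decision logic is a simplified model of the client.

```python
import base64
import hashlib

def fingerprints(key_b64):
    """Return (MD5 colon-hex as in the prompt above, SHA256 form) of a key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def parse_known_hosts(text):
    """Map host -> {keytype: key}; skips comments, @markers and hashed names."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0][0] in "#@|":
            continue
        for host in parts[0].split(","):
            table.setdefault(host, {})[parts[1]] = parts[2]
    return table

def classify(table, host, keytype, key_b64):
    """Simplified: 'match' (silent), 'unknown' (yes/no prompt), 'changed' (warning)."""
    stored = table.get(host, {}).get(keytype)
    if stored is None:
        return "unknown"
    return "match" if stored == key_b64 else "changed"

def vet(scanned, pins):
    """Split scanned 'host keytype key' lines into (trusted, rejected) by pin."""
    trusted, rejected = [], []
    for line in scanned.splitlines():
        host, _keytype, key = line.split()[:3]
        (trusted if pins.get(host) in fingerprints(key) else rejected).append(line)
    return trusted, rejected

def fake_key(fill):
    """Constructed ed25519-shaped blob for the demo; not a real host key."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

KEY_A, KEY_B = fake_key(0xA1), fake_key(0xB2)
TABLE = parse_known_hosts("# constructed sample\nweb1.example,192.0.2.10 ssh-ed25519 " + KEY_A + "\n")
SCAN = "db1.example ssh-ed25519 " + KEY_A + "\ndb2.example ssh-ed25519 " + KEY_B
PINS = {"db1.example": fingerprints(KEY_A)[1], "db2.example": fingerprints(KEY_A)[0]}

if __name__ == "__main__":
    print(classify(TABLE, "192.0.2.10", "ssh-ed25519", KEY_B), vet(SCAN, PINS))
```

Only the lines returned as trusted would be appended to the known_hosts file that gets distributed; a rejected line means the scanned key does not match the pin for that host.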

1

If you want to disable the confirmation, rather than the authentication, you can use the option: "-o CheckHostIP=no"

ssh -i sergeys_rsa_key.pem -o CheckHostIP=no brin@8.8.8.8

R J

Posted 2010-03-29T09:43:00.423

Reputation: 111

The OP has already got the same answer and accepted it. – Ayan – 2015-07-12T04:03:15.337

0

This is probably because your server's SSH key changed: the server IP or domain is the same, but the SSH key does not match.

You must remove the stored key in /home/$user/.ssh/known_hosts to avoid this message.

I fixed it by removing all keys in that file, so a new token is created for this domain name.

IvanReed

Posted 2010-03-29T09:43:00.423

Reputation: 1

1

Key changed produces a much uglier message with a box of at-signs and WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! and IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! in all-caps. The message in the question occurs only if there is not already an entry in known_hosts. – dave_thompson_085 – 2015-12-15T06:15:56.170

0

I faced a similar issue where, despite using the above-mentioned verified solution, my ssh was not working. This was because the known_hosts file was missing from the ~/.ssh/ directory and the file system was read-only, so at run time I was also unable to create the ~/.ssh/known_hosts file.

If you face a similar issue, see if you can write the known_hosts file in the /tmp location. This is mostly write-enabled even in a read-only file system.

Later, in the ssh command, you can tell ssh to read the known_hosts file from the /tmp location.

ssh -o UserKnownHostsFile=/tmp/known_hosts -o StrictHostKeyChecking=no user_name@destination_server_ip

Rohit Agrawal

Posted 2010-03-29T09:43:00.423

Reputation: 1

-2

Check the permissions on your ~/.ssh/known_hosts file. Mine were incorrect when I got this problem. I fixed it with:

chmod 0600 ~/.ssh/known_hosts

Andrew McCombe

Posted 2010-03-29T09:43:00.423

Reputation: 97